#!/usr/bin/python

# Copyright (c) 2009, Purdue University
# All rights reserved.
# 
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice, this
# list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 
# Neither the name of the Purdue University nor the names of its contributors
# may be used to endorse or promote products derived from this software without
# specific prior written permission.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

"""make acls for Roster"""


__copyright__ = 'Copyright (C) 2009, Purdue University'
__license__ = 'BSD'
__version__ = '0.5'


import os
import sys
import getpass

from optparse import OptionParser

from roster_user_tools import cli_common_lib
from roster_user_tools import roster_client_lib


def main(args):
  """Collects command line arguments.

  Inputs:
    args: list of arguments from the command line
  """
  parser = OptionParser()

  parser.add_option('-a', '--acl', action='store', dest='acl',
                    help='Modify an access control list. (name)', default=None)
  parser.add_option('--cidr-block', action='store', dest='cidr_block',
                    help='Cidr block or single IP address. Used for making'
                         ' ACLs.', default=None)
  parser.add_option('--allow', action='store_true', dest='allow',
                    help='Allow access for specified ACL.', default=None)
  parser.add_option('--deny', action='store_false', dest='deny',
                    help='Deny access for specified ACL.', default=None)
  parser.add_option('-s', '--server', action='store', dest='server',
                    help='XML RPC Server URL.', metavar='<server>',
                    default='https://localhost:8000')
  parser.add_option('-u', '--username', action='store', dest='username',
                    help='Run as a different username.', metavar='<username>',
                    default=unicode(getpass.getuser()))
  parser.add_option('-p', '--password', action='store', dest='password',
                    help='Password string, NOTE: It is insecure to use this '
                         'flag on the command line.', metavar='<password>',
                    default=None)
  parser.add_option('-c', '--cred-file', action='store', dest='credfile',
                    help='Location of credential file.', metavar='<cred-file>',
                    default=os.path.join(os.path.expanduser('~'), '.dnscred'))
  parser.add_option('--cred-string', action='store', dest='credstring',
                    help='String of credential.', metavar='<cred-string>',
                    default=None)
  parser.add_option('--no-header', action='store_true', dest='no_header',
                    help='Do not display a header.', default=False)
  parser.add_option('-q', '--quiet', action='store_true', dest='quiet',
                    help='Suppress program output.', default=False)

  (globals()["options"], args) = parser.parse_args(args)

  acls = roster_client_lib.RunFunction(
      u'ListACLs', options.username, credfile=options.credfile,
      credstring=options.credstring, server_name=options.server,
      kwargs={u'acl_name': options.acl, u'cidr_block': options.cidr_block})[
          'core_return']
  if( not acls ):
    if( options.cidr_block is None ):
      cli_common_lib.DnsError('To make an ACL a CIDR block or ip address '
                              'must be specified with the --cidr-block '
                              'flag.', 1)
    if( options.allow is not None and options.deny is not None ):
      cli_common_lib.DnsError('--allow and --deny cannot be used '
                              'simultaneously.', 1)
    allowed=0
    if( options.allow ):
      allowed=1
    roster_client_lib.RunFunction(
        u'MakeACL', options.username, credfile=options.credfile,
        credstring=options.credstring, server_name=options.server,
        args=[options.acl, options.cidr_block, allowed])
    if( not options.quiet ):
      print 'ADDED ACL: acl: %s cidr_block: %s allowed: %s' % (
          options.acl, options.cidr_block, options.allow)
  else:
    cli_common_lib.DnsWarning('ACL already exists.')


if __name__ == "__main__":
  main(sys.argv[1:])
